Tech
Mandrake Android Spyware Resurfaces
The Mandrake Android spyware has re-emerged with new features and advanced infiltration techniques. Discover everything you need to know about this software that threatens user privacy.
Mandrake Android Spyware Returns
The Android spyware known as Mandrake, discovered in 2020, appears to be resurfacing. This week, Kaspersky researchers announced that they detected a suspicious sample resembling a new version of the malware in the Google Play store back in April. Following a detailed investigation, five separate applications containing Mandrake malware that have been present for the past two years were identified.
Experts indicate that the new version of Mandrake has been updated with various obfuscation layers that allow it to bypass Google Play’s security checks. As a result, at least five applications harboring the malware managed to infiltrate Google Play in 2022. Although many of the applications containing this malicious software have less than 1,000 downloads, a notable example, the AirFS application, was downloaded over 30,000 times. Even more concerning was the fact that this application was available on Google Play until March 2024 and was only eventually removed.
Among the Mandrake applications reported by Kaspersky researchers, the following names are included:
- AirFS by it9042 – File sharing over Wi-Fi (30,305 downloads)
- Astro Explorer by Shevabad (718 downloads)
- Amber by kodaslda (19 downloads)
- CryptoPulsing by Shevabad (790 downloads)
- Brain Matrix by kodaslda (259 downloads)
According to Kaspersky, Mandrake is used for stealing user credentials and subsequently downloading and executing malicious applications. The latest version of Mandrake’s increased success in hiding from Google Play protections has allowed these harmful applications to remain unnoticed in Google’s app store for such an extended period. Kaspersky researchers emphasize that Mandrake spyware is dynamically evolving and continuously developing new methods to conceal itself and bypass security measures.
Having managed to stay under the radar for four years during its initial campaign, Mandrake has also succeeded in remaining hidden for two years with its current campaign. Keeping the Google Play Protect feature active on your device may help protect you against such malware. Fortunately, at least these five applications have now been removed from the Google Play Store.